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SECTION  I. 


INTRODUCTION.  The  purpose  of  this  Technical  Report  is  to 
provide  the  CMOS  Security  Plan. 

SUMMARY .  Not  Used . 


CONCLUSION.  Not  Used. 


SECTION  II. 

RESULTS . 

The  CMOS  Security  Plan  is  provided  as  follows 


SECURITY  PLAN 
For 


CARGO  MOVEMENT 
OPERATIONS  SYSTEM 
(CMOS) 

16  April  1990 


Standard  Systems  Center 
Deputy  Chief  of  Staff  for  Acquisition 
Cargo  Movement  Operations  System  Division 


INTRODUCTION 


1 . 


This  Cargo  Movement  Operations  System  (CMOS)  Security  Plan  is 
developed  in  accordance  with  APR  205-16  and  SSCR  205-1.  The 
plan  will  document  the  relevant  security  requirements  of 

CM0S''  - - (£j;t  >  - 

1 . 1  Backgroundin'  CMOS)  is  ^--top-  dQWh_,directed  program.. 

(DEPSECDEF  memo,  T~ Sep  84)^>that  automates' base-level 
transportation  at  240  sites  worldwide.  Air  Force  Program 
Management  Directive  (PMD)  #5272 ( 2 ) /38610F,  Cargo  Movement 
Operations  System  (CMOS),  5  Dec  86,  as  revised  21  June  1988, 
directs  the  development  of  an  automated  system  to  support 
regular  and  crisis  c&rgo  and  personnel  processing, 
documentation,  movement,  and  tracking.  The  CMOS  Program  will 
be  produced  according  to  Air  Force  800-series  and  other 
related  regulations,  ;  CAfc£©  W  Cci«|©  |V' 

SfJtt  *y\,  1>0<h4ti,cS)  Secur'i^Kfr'iir  rorcC^====f~J^3  ^ 

1.2  Development  Strategy.  The  Air  Force  has ’'defined  (1)  the 
user  requirements  to  be  automated  in  Increment  I  and  (2)  the 
user  requirements  for  Increment  II.  Increment  III  actions 
have  not  been  initiated.  Increment  I  provides  automation  of 
base-level  traffic  management  which  includes  the  preparation 
and  reporting  of  cargo  movement.  Increment  II  adds  war 
fighting  capabilities  for  movement  visibility,  contingency 
planning,  mobility  execution,  and  force  deployment. 

Increment  III  will  be  the  vehicle  for  adding  pre-planned 
product  improvement . 


2.  ORGANIZATION 

The  Standard  Systems  Center  is  responsible  for  CMOS 
development.  The  system  will  be  contractually  developed 
under  a  firm  fixed  price  contract.  Program  Management  will 
be  provided  by  the  CMOS  Program  Office,  SSC/AQFT. 


3 .  APPLICABLE  DOCUMENTS 

AFR  205-1,  Information  Security  Program. 

AFR  205-16,  Computer  Security  Policy. 

CSC-STD-001-85 ,  Department  of  Defense  Trusted  Computer 
System  Evaluation  Criteria. 

CSC-SSTD-002-85 ,  Password  Management  Guidelines. 
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Computer  Security  Requirements . 


CSC-STD-003-85, 

CSC-STD-004-85 ,  Technical  Rationale  Behind 
CSC-STD-003-85,  Computer  Security  Requirements. 

DOD  Directive  5200.28,  Security  Requirements  of  Automated 
Information  Systems  (AIS). 


4 .  OBJECTIVE 

The  overall  objective  of  this  plan  is  to  establish  a  CMOS 
security  program.  The  following  paragraphs  identify  the  major 
program  phases  and  the  security  actions  required  for  each  of 
these  phases. 

Conceptual  Phase  —  The  System  Segment  Specifications  for 
Increments  I  and  II  distinguish  the  required  operational 
capabilities,  functions,  and  features.  Relevant  security 
requirements  will  be  included  in  the  Increment  I  requirements 
documents.  In  addition  to  identifying  these  requirements,  a 
preliminary  risk  analysis  will  be  performed.  This  risk 
analysis  will  examine  known  threats,  available  security 
countermeasures,  and  anticipated  operational  vulnerabilities. 
The  preliminary  risk  analysis  will  become  a  key  component  of 
the  functional  baseline. 

Production  Phase  —  During  the  production  phase,  the  risk 
analysis  will  be  updated  to  include  those  design  efforts  that 
will  contribute  to  meeting  all  security  requirements. 
Following  this  analysis,  an  update  and  re-publication  of  the 
risk  analysis  will  take  place. 

Deployment  Phase  —  A  final  published  risk  analysis 
will  accompany  CMOS  Increment  I  when  it  is  deployed.  Included 
in  this  deployment  package  will  be  a  written  certification  of 
security  measures  by  SSC/CC  or  his  designated  representative. 
MAJCOMs  will  update  this  document  to  reflect  threats  and 
vulnerabilities  of  their  respective  operational  environment. 

Life-Cycle  Support  Phase  —  The  Increment  I  Risk  Analysis 
will  be  updated  prior  to  Increment  II  IOC.  In  addition, 
major  changes  driven  by  Increment  III  task  orders  will 
require  an  update  to  the  risk  analysis.  Otherwise,  updates 
will  be  required  every  three  years. 
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5 .  REQUIREMENTS 


CMOS  will  process  sensitive  unclassified  information.  The 
CMOS  development  contractor  will  review  with  the  Program 
Office  all  security  related  requirements  and  specifications. 

5.1  Design  Reviews.  During  design  reviews  (System 
Requirements  Review,  System  Design  Review,  Preliminary  Design 
Review,  and  Critical  Design  Review) ,  MAJCOM  representatives 
will  be  invited  and  encouraged  to  attend  so  that  the 
operational  user  Designated  Approving  Authority  organization 
will  be  kept  abreast  of  all  information  and  decisions 
concerning  security  tradeoffs,  revised  requirements,  etc. 

5.2  Risk  Assessment.  The  risk  analysis  is  the  foundation 
for  documenting  system  security.  The  analysis  should: 

(1)  Identify  the  resources  to  be  protected. 

( 2 )  Determine  the  threats  against  the  resources . 

(3)  Determine  the  vulnerabilities  of  the  system. 

(4)  Determine  whether  safeguards  will  lower  the  risk. 

(5)  Designate  the  certification  authority  and  document 
the  criteria  that  must  be  met  to  obtain  a  C2  level  of 
trust  by  1992. 

It  is  a  DOD  requirement  that  all  automated  information 
systems,  such  as  CMOS  which  process  sensitive  unclassified 
information,  are  secure  to  at  least  level  C2  by  1992.  The 
ways  in  which  this  requirement  is  met  must  be  documented  in 
the  risk  analysis. 


5.3  Security  Test  and  Evaluation  (ST&E).  ST&E  serves  to 
test  security  measures  and  to  validate  the  assumptions  about 
the  effectiveness  of  existing  safeguards.  The  results  of 
ST&E  may  reveal  the  need  to  revise  and  repeat  parts  of  one  or 
more  steps  in  the  risk  analysis.  The  following  will 
encompass  the  steps  of  the  CMOS  ST&E  efforts: 

(1)  Determine  the  Objective. 

(2)  State  Assumptions. 

(3)  Describe  Constraints. 
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(4)  Determine  Test  Procedures. 

(5)  Execute  Tests,  Analyze  Results,  and  Produce  Report. 

5.4  System  Certification.  Confirmation  that  CMOS  meets  all 
criteria  for  C2  level  of  trust  is  the  responsibility  of 
SSC/CC  or  his  designated  representative.  The  CMOS  Program 
Office  will  provide  recommendations  and  other  necessary 
assistance  to  ensure  the  timely  commpletion  of  this 
certification  process. 

6.  SUMMARY 

The  purpose  of  this  plan  is  to  document  the  relevant  security 
requirements  of  CMOS.  The  tenets  of  the  Security  Plan  will 
be  adhered  to  throughout  the  CMOS  life  cycle. 
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